
TWINCLING Society
Ethical Hacking
19th of August, 2006
Hyderabad, India

We appreciate
Outline
  Know your enemy
  History and Trends
  Anatomy of a hack
  System Hacking
  Sniffers
  Denial of Service
  Buffer Overflows
  Social Engineering

Know your enemy
Sun Tzu says in the 'Art of War',
If you know yourself but not the enemy, for every victory gained, you will suffer defeat!
If you know the enemy and know yourself, you need not fear the result of a hundred battles!

Know your enemy
Hacker (n) refers to a person who enjoys learning the details of computer systems and stretching their capabilities.
Hacking (v) describes the rapid development of new programs or the reverse engineering of already existing software to make the code better and more efficient.
Cracker refers to a person who uses his hacking skills for offensive purposes.
Phreak is a hacker variant with an interest in telephones and telephone systems.
Hacktivism refers to an act of hacking in order to communicate a politically or socially motivated message. An Internet-enabled way to practice civil disobedience and protest.

Know your enemy
Ethical Hacker refers to a security professional who applies their hacking skills for defensive purposes on behalf of a system's owners.
Ethical Hacking is also known as penetration testing, intrusion testing, red teaming.
An ethical hacker looks to answer the following four basic questions:
  What information/locations/systems can an intruder gain access to?
  What can an intruder see on the target?
  What can an intruder do with available information?
  Does anyone at the target system notice the attempts?

Know your enemy
Hacker Classes
  Script Kiddie
  Black hats
  White hats
  Grey hats
Ethical hacker classes
  Former Black hats
  White hats
  Consulting firms

Know your enemy
Information Security: C I A (Confidentiality, Integrity, Authentication)
It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intent.

History / Trends in Hacking Culture

Anatomy of a hack
Anatomy of a hack (Reconnaissance)
Refers to a preparatory phase where an attacker seeks to gather as much information as possible about the target of evaluation prior to launching an attack.
Passive reconnaissance involves monitoring network data for patterns and clues.
Active reconnaissance involves probing the network for
  Accessible hosts
  Open ports
  Location of routers
  Operating system details (if possible services)

Anatomy of a hack (Reconnaissance)
Footprinting is a blueprinting of the security profile of an organization, undertaken in a methodological manner.
Scanning refers to a pre-attack phase when the hacker scans the network with specific information gathered during footprinting.
Enumeration involves active connections to systems and directed queries.

Anatomy of a hack (Scanning)
This stage of a hack can be considered to be a logical extension of active reconnaissance.
The aim is to get a single point of entry from which to launch an attack; this could become the point of exploit when a vulnerability of the system is detected.
Objectives of port scanning:
  Open ports
  Host operating system
  Software or service versions
  Vulnerable software versions

Anatomy of a hack (Gaining Access)
Gaining access refers to the true attack phase.
The exploit can occur over a LAN, locally, Internet, offline, as a deception or theft.
  System Hacking
  Sniffers
  Social Engineering
  Denial of Service
  Session Hijacking
  Buffer Overflows
  Rootkits
  Hacking Web servers
  Web application vulnerabilities
  Web based password cracking
  SQL injection
  Hacking Wireless networks
  Virus and Worms
  Evading IDS, firewalls, Honeypots
  Cryptography

Maintaining Access
Maintaining access refers to the phase when the attacker tries to retain his "ownership" of the system.
Attackers install tools such as
  Rootkits.
  Trojans and their backdoors.
  Backdoors.

Covering Tracks
Covering tracks refers to the attacker removing the evidence of his presence and activities.
Techniques include:
  Tunnelling.
  Altering/Clearing log files.
  Disabling auditing.

System Hacking
  Remote password guessing
  Privilege escalation.
  Password cracking
  Dictionary and Brute force attack
  Social engineering and Shoulder sniffing
  Dumpster Diving
  Key loggers
  Hiding files
  Steganography

Sniffers
Sniffers refer to monitoring data like:
  Network data.
  Operating system data.
Spoofing.
Man in the Middle.
Passive Sniffers
  Through compromising physical security
  Using a Trojan Horse.
Active Sniffing
  ARP spoofing.
  DNS spoofing

Denial of Service
An attack in which an attacker renders a system unusable or significantly slows it down.
Methods include:
  Flood a network.
  Bandwidth/Throughput attacks.
  Protocol attacks.
  Software Vulnerability attacks.
  Disrupt connections between two machines.
  Prevent a particular individual from accessing a service.

Buffer Overflows

Social Engineering
It is the art of using influence and persuasion to deceive people for the purpose of obtaining information or getting them to perform some action.
Even with all firewalls, authentication processes, VPN, companies are still wide open to attacks.
Humans are the weakest link in the security chain.
It is the hardest form of attack to defend against.

Summary / Take home
There is no single methodology that can be adopted for ethical hacking. The terms of reference used for various phases in the anatomy of a hack may differ, but the essence is the same.
Hacking is not for everyone (there is no half-way).
It takes an objective mind, a lot of free time, and dedication to keep up with things.
NEVER use the knowledge for offensive purposes.

Resources
  BlackHat http://www.blackhat.com/
  Astalavista http://www.astalavista.com/
  CERT Coordination Center http://www.cert.org/
  Neohapsis http://www.neohapsis.com/
  PacketStorm http://packetstormsecurity.org/
  SecurityFocus http://www.securityfocus.com/
  SecurityDocs http://www.securitydocs.com/
  FoundStone http://www.foundstone.com/

Books
[Book cover images]

AppLabs Technologies Pvt. Ltd.
http://www.applabs.com/
AppLabs is a global IT services company specializing in software testing and development services.
It is the preferred partner for third-party validation.
Special thanks

CommVault Systems (India) Pvt. Ltd.
http://www.commvault.com/
CommVault is a Storage Management, Backup and Disaster Recovery company incorporated in USA with its Global Development Centre in Hyderabad, AP.
Special thanks

About us
Charter
  Promote, Develop and Showcase Open Source software.
Legal
  Registered "not for profit" Society under A.P. Societies Reg Act, 2001.
Management
  Governed by Society By-Laws. Led by a [number illegible]-member board of directors.

About us ...
website
  www.twincling.org
mailing list
  groups.yahoo.com/group/twincling
forum (software --> twincling)
  http://www.nabble.com/twincling-f[forum id illegible].html

About us ...
irc
  #twincling
helpline
  +91-99496 50605
  +91-99499 91585
more info
  Mr. Kumar S. N. - Public Relations & Strategic Alliances
